Security Engineer
Snap Finance · West Valley City, UT · 1 wk ago
Information TechnologyFull-time
About the role
The Security Engineer will own the day-to-day security of our multi-region AWS environment, including security tooling, incident response, vulnerability management, and automation. They will also support security metrics, compliance, and executive/board reporting.
Responsibilities
- Secure and Operate the Cloud Environment
- Operate the full security toolset: CSPM, SIEM, vulnerability management, network security, ZTNA, DLP, EDR, and endpoint management
- Drive the vulnerability management lifecycle end to end: scan cadence, prioritization, remediation SLAs, and reporting
- Manage identity and access infrastructure in collaboration with IT, spanning MFA, IAM, IGA, privileged access, and credential management
- Lead the buildout of a Privileged Access Management (PAM) program
- Support ongoing cloud migration security workstreams
- Maintain risk registers and GRC platforms; ensure findings are triaged and resolved within SLA
- Coordinate audit evidence collection for SOC 2 Type II, PCI DSS 4.0, and CyberEssentials+
- Contribute to executive and board-level security reporting — translate operational data into clear program narratives
- Build, Automate, and Elevate the Team
- Set the coding and AI standard for the InfraSecOps team — write tools, automate workflows, and actively mentor peers in modern security engineering practices
- Develop API integrations between security tools to eliminate manual handoffs and improve data fidelity
- Contribute to security-as-code practices: IaC security reviews, CI/CD pipeline hardening, and software supply chain controls
- Champion AI-native tooling across the team; evaluate and implement AI-assisted detection, threat hunting, and response capabilities
- Build and contribute to Agentic AI frameworks within the security program
- Stay current on AI security risks — prompt injection, model abuse, shadow AI — and turn awareness into practical controls
- Own the Security Program Within Your Domain
- Maintain the security program roadmap and key results for your domain, including compliance attestation timelines and remediation SLA adherence
- Track and mature the security tool portfolio: monitor adoption, measure effectiveness, and drive continuous improvement
- Own the Security Program Within Your Domain
- Maintain risk registers and GRC platforms; ensure findings are triaged and resolved within SLA
- Coordinate audit evidence collection for SOC 2 Type II, PCI DSS 4.0, and CyberEssentials+
- Contribute to executive and board-level security reporting — translate operational data into clear program narratives
- Build, Automate, and Elevate the Team
- Set the coding and AI standard for the InfraSecOps team — write tools, automate workflows, and actively mentor peers in modern security engineering practices
- Develop API integrations between security tools to eliminate manual handoffs and improve data fidelity
- Contribute to security-as-code practices: IaC security reviews, CI/CD pipeline hardening, and software supply chain controls
- Champion AI-native tooling across the team; evaluate and implement AI-assisted detection, threat hunting, and response capabilities
- Build and contribute to Agentic AI frameworks within the security program
- Stay current on AI security risks — prompt injection, model abuse, shadow AI — and turn awareness into practical controls
- Own the Security Program Within Your Domain
- Maintain the security program roadmap and key results for your domain, including compliance attestation timelines and remediation SLA adherence
- Track and mature the security tool portfolio: monitor adoption, measure effectiveness, and drive continuous improvement
- Own the Security Program Within Your Domain
- Maintain risk registers and GRC platforms; ensure findings are triaged and resolved within SLA
- Coordinate audit evidence collection for SOC 2 Type II, PCI DSS 4.0, and CyberEssentials+
- Contribute to executive and board-level security reporting — translate operational data into clear program narratives
- Build, Automate, and Elevate the Team
- Set the coding and AI standard for the InfraSecOps team — write tools, automate workflows, and actively mentor peers in modern security engineering practices
- Develop API integrations between security tools to eliminate manual handoffs and improve data fidelity
- Contribute to security-as-code practices: IaC security reviews, CI/CD pipeline hardening, and software supply chain controls
- Champion AI-native tooling across the team; evaluate and implement AI-assisted detection, threat hunting, and response capabilities
- Build and contribute to Agentic AI frameworks within the security program
- Stay current on AI security risks — prompt injection, model abuse, shadow AI — and turn awareness into practical controls
- Own the Security Program Within Your Domain
- Maintain the security program roadmap and key results for your domain, including compliance attestation timelines and remediation SLA adherence
- Track and mature the security tool portfolio: monitor adoption, measure effectiveness, and drive continuous improvement
- Own the Security Program Within Your Domain
- Maintain risk registers and GRC platforms; ensure findings are triaged and resolved within SLA
- Coordinate audit evidence collection for SOC 2 Type II, PCI DSS 4.0, and CyberEssentials+
- Contribute to executive and board-level security reporting — translate operational data into clear program narratives
- Build, Automate, and Elevate the Team
- Set the coding and AI standard for the InfraSecOps team — write tools, automate workflows, and actively mentor peers in modern security engineering practices
- Develop API integrations between security tools to eliminate manual handoffs and improve data fidelity
- Contribute to security-as-code practices: IaC security reviews, CI/CD pipeline hardening, and software supply chain controls
- Champion AI-native tooling across the team; evaluate and implement AI-assisted detection, threat hunting, and response capabilities
- Build and contribute to Agentic AI frameworks within the security program
- Stay current on AI security risks — prompt injection, model abuse, shadow AI — and turn awareness into practical controls
- Own the Security Program Within Your Domain
- Maintain the security program roadmap and key results for your domain, including compliance attestation timelines and remediation SLA adherence
- Track and mature the security tool portfolio: monitor adoption, measure effectiveness, and drive continuous improvement
- Own the Security Program Within Your Domain
- Maintain risk registers and GRC platforms; ensure findings are triaged and resolved within SLA
- Coordinate audit evidence collection for SOC 2 Type II, PCI DSS 4.0, and CyberEssentials+
- Contribute to executive and board-level security reporting — translate operational data into clear program narratives
- Build, Automate, and Elevate the Team
- Set the coding and AI standard for the InfraSecOps team — write tools, automate workflows, and actively mentor peers in modern security engineering practices
- Develop API integrations between security tools to eliminate manual handoffs and improve data fidelity
- Contribute to security-as-code practices: IaC security reviews, CI/CD pipeline hardening, and software supply chain controls
- Champion AI-native tooling across the team; evaluate and implement AI-assisted detection, threat hunting, and response capabilities
- Build and contribute to Agentic AI frameworks within the security program
- Stay current on AI security risks — prompt injection, model abuse, shadow AI — and turn awareness into practical controls
- Own the Security Program Within Your Domain
- Maintain the security program roadmap and key results for your domain, including compliance attestation timelines and remediation SLA adherence
- Track and mature the security tool portfolio: monitor adoption, measure effectiveness, and drive continuous improvement
- Own the Security Program Within Your Domain
- Maintain risk registers and GRC platforms; ensure findings are triaged and resolved within SLA
- Coordinate audit evidence collection for SOC 2 Type II, PCI DSS 4.0, and CyberEssentials+
- Contribute to executive and board-level security reporting — translate operational data into clear program narratives
- Build, Automate, and Elevate the Team
- Set the coding and AI standard for the InfraSecOps team — write tools, automate workflows, and actively mentor peers in modern security engineering practices
- Develop API integrations between security tools to eliminate manual handoffs and improve data fidelity
- Contribute to security-as-code practices: IaC security reviews, CI/CD pipeline hardening, and software supply chain controls
- Champion AI-native tooling across the team; evaluate and implement AI-assisted detection, threat hunting, and response capabilities
- Build and contribute to Agentic AI frameworks within the security program
- Stay current on AI security risks — prompt injection, model abuse, shadow AI — and turn awareness into practical controls
- Own the Security Program Within Your Domain
- Maintain the security program roadmap and key results for your domain, including compliance attestation timelines and remediation SLA adherence
- Track and mature the security tool portfolio: monitor adoption, measure effectiveness, and drive continuous improvement
- Own the Security Program Within Your Domain
- Maintain risk registers and GRC platforms; ensure findings are triaged and resolved within SLA
- Coordinate audit evidence collection for SOC 2 Type II, PCI DSS 4.0, and CyberEssentials+
- Contribute to executive and board-level security reporting — translate operational data into clear program narratives
- Build, Automate, and Elevate the Team
- Set the coding and AI standard for the InfraSecOps team — write tools, automate workflows, and actively mentor peers in modern security engineering practices
- Develop API integrations between security tools to eliminate manual handoffs and improve data fidelity
- Contribute to security-as-code practices: IaC security reviews, CI/CD pipeline hardening, and software supply chain controls
- Champion AI-native tooling across the team; evaluate and implement AI-assisted detection, threat hunting, and response capabilities
- Build and contribute to Agentic AI frameworks within the security program
- Stay current on AI security risks — prompt injection, model abuse, shadow AI — and turn awareness into practical controls
- Own the Security Program Within Your Domain
- Maintain the security program roadmap and key results for your domain, including compliance attestation timelines and remediation SLA adherence
- Track and mature the security tool portfolio: monitor adoption, measure effectiveness, and drive continuous improvement
- Own the Security Program Within Your Domain
- Maintain risk registers and GRC platforms; ensure findings are triaged and resolved within SLA
- Coordinate audit evidence collection for SOC 2 Type II, PCI DSS 4.0, and CyberEssentials+
- Contribute to executive and board-level security reporting — translate operational data into clear program narratives
- Build, Automate, and Elevate the Team
- Set the coding and AI standard for the InfraSecOps team — write tools, automate workflows, and actively mentor peers in modern security engineering practices
Similar jobs
Security Engineer
Information Technologyapply on grnh.se
Security Engineer
RemoteInformation Technology$85/hrapply on candidateportalnew.ceipal.com
Security Engineer
Information Technologyapply on recruiting.paylocity.com
Security Engineer
Engineering$74k–$93k/yrapply on recruit.hirebridge.com
Security Engineer
Information Technologyapply on ajax.googleapis.com
Security Engineer
Manufacturingapply on workforcenow.adp.com